----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/65914/ -----------------------------------------------------------
(Updated March 8, 2018, 11:31 a.m.) Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, and Sailaja Polavarapu. Bugs: Ranger-1948 https://issues.apache.org/jira/browse/Ranger-1948 Repository: ranger Description ------- This Jira is to cater to need of Auditor roles in Ranger Admin. We can introduce Auditor Roles for both the Administrator Roles in Ranger Admin. * Auditor (Readonly privileges from current Admin role user ) * KMS Auditor (Readonly privileges from current Keydmin role user ) Diffs (updated) ----- security-admin/scripts/rolebasedusersearchutil.py d651461 security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java 15937c7 security-admin/src/main/java/org/apache/ranger/biz/AssetMgrBase.java 840bb38 security-admin/src/main/java/org/apache/ranger/biz/KmsKeyMgr.java 03bcb60 security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 224f1a0 security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ecde444 security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java a989c84 security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java 9eb8f1f security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java 8341a73 security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java a110035 security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java c2fac0b security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 487fefa security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java e31e9d7 security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java 0e99be1 security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java bcf9080 security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java d3a28f7 security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java 9f7cd26 security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java cb7ca52 security-admin/src/main/java/org/apache/ranger/rest/ServiceTagsProcessor.java 9c19bb0 security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java c81a6f3 security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java 6951cbd security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java 4227d85 security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 87da9a0 unixauthservice/scripts/install.properties be8723c Diff: https://reviews.apache.org/r/65914/diff/3/ Changes: https://reviews.apache.org/r/65914/diff/2-3/ Testing ------- Tested scenario's: 1.Tested admin user is able to create User role user. 2.Tested admin user is able to create Auditor role user. 3.Tested admin user is not able to create kms auditor role user. 4.Tested keyadmin user is able to create kms auditor. 5.Tested auditor is able to only view policies, users, services and audits. 6.Tested kms auditor is able to only view policies, users, services, audits and keys. 7.Tested auditor is able to see permission tab but kms auditor should not see permission tab. 8.Auditor role users are not allowed to import/export policies 9.Verified syncing of users from auditor role :: if we add them in properties install.properties of usersync during initial start of usersync.Property value in install.properties will be GROUP_BASED_ROLE_ASSIGNMENT_RULES= &ROLE_ADMIN_AUDITOR:u:userName&ROLE_KEY_ADMIN_AUDITOR:u:userName&ROLE_KEY_ADMIN_AUDITOR:g:groupName&ROLE_ADMIN_AUDITOR:g:groupName Thanks, Fatima Khan